{"id":17927,"library":"resource-http","title":"Opinionated Express.js HTTP Server Resource","description":"The `resource-http` library provides an opinionated framework for quickly setting up an HTTP server based on Express.js. It bundles common web application functionalities such as static file serving, user sessions, HTTPS/SSL, WebSockets, OAuth authentication (via Passport), view rendering (via the `view` module), i18n support (via `i18n-2`), and body parsing, all configurable through a single options object. Currently at version 1.3.0, the package appears to be unmaintained, with its last publish date in 2014 and explicitly relying on Express 4.x.x, which is a significantly outdated version of Express. Its core value lies in abstracting away individual middleware integrations for rapid prototyping, but its age makes it unsuitable for modern production environments.","status":"abandoned","version":"1.3.0","language":"javascript","source_language":"en","source_url":"ssh://git@github.com/bigcompany/resource-http","tags":["javascript","http","resource","resources"],"install":[{"cmd":"npm install resource-http","lang":"bash","label":"npm"},{"cmd":"yarn add resource-http","lang":"bash","label":"yarn"},{"cmd":"pnpm add resource-http","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core HTTP server framework (specifically Express 4.x.x).","package":"express","optional":false},{"reason":"OAuth Single Sign On (SSO) functionality.","package":"passport","optional":false},{"reason":"View template rendering support.","package":"view","optional":false},{"reason":"Internationalization (i18n) support.","package":"i18n-2","optional":false},{"reason":"Optional Redis store for session management.","package":"connect-redis","optional":true}],"imports":[{"note":"This package is CommonJS-only and relies on the `require()` syntax. Direct ES Module `import` syntax will not work without a CommonJS-to-ESM wrapper or a custom Node.js loader configuration. The imported `http` object directly exposes the `listen` function and other utilities.","wrong":"import http from 'resource-http';","symbol":"http","correct":"const http = require('resource-http');"},{"note":"The `listen` function is a property of the main exported `http` object, not a named export. Attempting to destructure it as a named export from an ES Module import will fail due to the package's CJS nature.","wrong":"import { listen } from 'resource-http';","symbol":"listen","correct":"const http = require('resource-http');\nhttp.listen({ port: 8080 }, (err, app) => { /* ... */ });"},{"note":"The Express `app` instance is exposed via the callback of the `http.listen` function, not directly as an export from the package. It is an instance of an Express 4.x.x application.","wrong":"const app = require('resource-http').app;","symbol":"app","correct":"const http = require('resource-http');\nhttp.listen({ port: 8080 }, (err, app) => {\n  // `app` is an Express application instance\n  app.get('/', (req, res) => res.send('Hello'));\n});"}],"quickstart":{"code":"const http = require('resource-http');\nconst fs = require('fs');\n\n// all options are optional and will default to a reasonable value if left unset\nhttp.listen({\n  port: 8888,\n  wss: true, // enables websocket server\n  host: 'localhost',\n  root: __dirname + \"/public\",\n  view: __dirname + \"/view\",\n  cacheView: true, // caches all local view templates and presenters into memory\n  uploads: false,\n  https: false, // enables https / ssl, requires key, cert, ca\n  autoport: true, // will auto-increment port if port unavailable\n  bodyParser: true, // parse incoming body data automatically, disable for streaming\n  sslRequired: false, // redirects all http traffic to https\n  onlySSL: false, // will only start https server, no http services\n  noSession: false, // removes all session handling from server\n  nodeinfo: false, // makes /_info route available for node information\n  nodeadmin: false, // makes /_iadmin route available for node administration\n  // For HTTPS, you would need to provide actual key, cert, and ca files:\n  // key: fs.readFileSync(__dirname + \"/ssl/server.key\").toString(),\n  // cert: fs.readFileSync(__dirname + \"/ssl/cert.crt\").toString(),\n  // ca: fs.readFileSync(__dirname + \"/ssl/ca.crt\").toString(),\n  secret: \"supersecret\", // session password\n  redis: { // optional redis store for sessions, requires `connect-redis` package\n    host: \"0.0.0.0\",\n    port: 6379,\n    password: \"foobar\" // replace with process.env.REDIS_PASSWORD ?? '' in production\n  },\n  auth: {\n    basicAuth: {\n      username: 'admin',\n      password: 'admin' // replace with process.env.ADMIN_PASSWORD ?? '' in production\n    }\n  }\n}, function(err, app){\n  if (err) {\n    console.error('Server failed to start:', err);\n    return;\n  }\n  console.log('Server listening on', app.server.address());\n  // from here, app is a regular Express.js server\n  app.get('/foo', function (req, res){\n    res.end('got /foo');\n  });\n  app.get('/', function (req, res){\n    res.end('Hello from resource-http!');\n  });\n});","lang":"javascript","description":"This example demonstrates how to initialize and configure an HTTP server using `resource-http`, including basic routing and common options like WebSockets and session management. It creates an Express app instance and attaches a simple GET route."},"warnings":[{"fix":"Migrate to a modern, actively maintained HTTP server framework like Express 5.x.x, Fastify, or Koa, ensuring all dependencies are up to date and regularly patched.","message":"This package is abandoned and has not been updated since 2014. It relies on Express 4.x.x, which is severely outdated and contains numerous known security vulnerabilities. Using this package in any production environment is strongly discouraged due to unpatched security flaws in its core dependencies and the package itself.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"NEVER enable `nodeinfo` or `nodeadmin` on any server, especially those exposed to the public internet. If this functionality is required, implement robust authentication and authorization layers yourself using a modern framework.","message":"The `nodeinfo` and `nodeadmin` options (if set to `true`) expose sensitive system information and administrative interfaces via HTTP routes (`/_info`, `/_iadmin`). Enabling these options on an unsecured server creates a critical security vulnerability, allowing unauthorized access to server diagnostics and control. This risk is compounded by the package's abandonment.","severity":"security","affected_versions":">=1.0.0"},{"fix":"Rewrite server logic using a current version of Express (5.x.x) or another framework, adapting to modern patterns and dependency management.","message":"The package's reliance on Express 4.x.x means it does not support modern Node.js features, ES Modules, or the latest Express API paradigms. Many common middleware and practices have evolved significantly since its last update.","severity":"deprecated","affected_versions":">=1.0.0"},{"fix":"Thoroughly audit and update all transitive dependencies if forced to use this package, or better yet, migrate to a modern solution.","message":"All third-party dependencies mentioned in the README (e.g., `passport`, `view`, `i18n-2`, `connect-redis`) are likely also outdated and may have their own security vulnerabilities or compatibility issues with newer Node.js versions. These dependencies are not explicitly listed in the `package.json` for `resource-http` itself, meaning you might have to manually install very old, insecure versions.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Ensure your project is configured for CommonJS (e.g., remove `\"type\": \"module\"` from `package.json`, or use a transpiler like Babel). If using Node.js, you might need to use a dynamic import `import('resource-http')` or a CJS wrapper, but this package is too old to guarantee compatibility.","cause":"Attempting to use `require()` in an ES Module (ESM) context when `resource-http` is a CommonJS (CJS) module.","error":"TypeError: require is not a function"},{"fix":"Carefully review your route handlers and middleware to ensure that `res.send()`, `res.end()`, or similar response-sending methods are called only once per request-response cycle. Use `return` after sending a response to prevent further execution in the handler.","cause":"This is a common Express.js error, often indicating that a response was already sent (e.g., `res.send()`, `res.end()`, `res.json()`) before another attempt to modify the headers or send another response was made. This can be more prevalent with older, less robust middleware.","error":"Error: Can't set headers after they are sent to the client"},{"fix":"If this error occurs, try setting `NODE_OPTIONS=--openssl-legacy-provider` when running Node.js (e.g., `NODE_OPTIONS=--openssl-legacy-provider node server.js`). This is a temporary workaround; the long-term fix is to update certificates and cryptographic algorithms to modern standards, or, ideally, migrate from this abandoned package.","cause":"Occurs with Node.js 17+ when using older OpenSSL features, often triggered by outdated HTTPS/SSL configurations or certificates generated with deprecated algorithms, which this older package might default to or expect.","error":"ERR_OSSL_EVP_UNSUPPORTED"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}